A Rundown of ATM Fraud Threats

According to the last survey conducted by the European ATM Security team, card skimming is still the most prevalent crime in 27 European countries. Action has been taken, and 61% of European countries have reported a decrease in card skimming because of the implementation of Europay (EMV technology that’s embedded in ATMs requiring two-factor authentication) drastically reducing the risk of stolen credentials.)

At the same time however, we have noted an increase in cash trapping attacks. This is where cash dispensing slots are targeted by fraudsters who replace these ATM’s components with fake devices.

In the U.S., ATM fraud is expected to increase due to the transition to EMV standards in Europe, Asia, Latin America and Canada where EMV embedded chip cards are more difficult to counterfeit than magnetic stripe cards used in the U.S. Because of this, many criminal organizations will likely view the U.S. as an attractive target.

ATM fraud has become more sophisticated over the years, and the attacks are highly organized. Investments have been made to develop fraudulent devices that take advantage of trends in terms of components: miniaturization, storage, WiFi communication, and battery life.

Skimming, still the most common type of attack, uses devices (skimmers) to capture cardholder data from the magnetic stripe IE copying the TRACK2 information on the magnetic stripe of the card. In general a skimming device is installed over the top of the ATM’s card reader, sometimes installed inside the ATM. The skimmer will capture the card data prior to the ATM card reader and the data will be stored and transmitted to attackers. Skimming is often combined with other devices, cameras and a fake keypad to capture the PIN number.

Card trapping aims to steal the consumer’s card and use it at a later time by the attacker. This attack is often combined with the use of other devices such as cameras, and the fake keypad described previously.

Currency trapping, fishing used to steal the cash. This can be through a false dispenser (trapping attacks) or using wires or probes to prevent cash being dispensed (fishing). The attacker will retrieve the cash as soon as the consumer leaves the ATM.

Transaction reversal is an attempt to create an error condition at the ATM. This results in a transaction reversal due to the reported inability to dispense cash.

Dummy ATMs are ATMs that are bought and set up by criminals. They are installed in areas with high pedestrian traffic for the one purpose of reading consumer card data. These machines are typically powered by batteries or a surrounding power socket.

- Logical / Data Attacks

Targeting the ATM’s software OS, logical attackers include the authors of a virus and hackers who install malware. The logical attack is still one of the most difficult to detect. The impact can be very high as it will impact and compromise thousands of consumers’ data. The logical attacks include malware and viruses.

Hackers attempt to install malware in order to violate integrity, confidentiality and authenticity of data transactions. The purpose is to gather cardholder data and dispense cash. Attacks can be either locally or remotely executed. Local attacks are performed through downloading malware, or sniffing communication between card reader and ATM central unit using a USB drive that is connected to the ATM computer. Locking the system will prevent any unauthorized programs they run.

Remote attacks target the ATM networks and attempt to compromise the communication with the host. These attacks are more critical because a hacker does not need to open up the ATMs.

ATM networks are still vulnerable to similar IP based networks attacks. Remote attacks such as eavesdropping, spoofing, denial of service, sniffing and virtual channel theft are almost always carried out by criminal organizations.

- Physical attacks

Physical attacks are usually perpetrated to gain access to the cash and valuable ATM components such as the safe, the top hat, presenter and depositor or in some other cases, the entire ATM. Depending on the component targeted, the attacks can be described as below:

Because it contains the cash, the safe is still the first common target. The perpetrator’s efforts concentrate on the locks, handles and hinges of the safe. In some cases the top hat is targeted to steal the ATM hard drive or for attaching skimming devices or USB devices to download malware. The presenter and depositor can be subject to attacks where perpetrators attempt to access an ATM’s cash sources (deposits). Therefore they will use several methods: cutting, drilling, burning devices (torch), pulling the safe door, using pry bars, bombs and other explosive devices. Other physical attacks will attempt to remove the ATM, and move it to another location, ramming the ATM with a car or truck, pulling it using a chain and a car, or lifting it from its foundation with forklift.

In today’s day and age ATM threats are becoming more common than ever. People need to be alert and stay up to date with as to what is going on around them in order to stay protected from these increasing threats.